Course Outline
SD-WAN Solution
- SD-WAN Main Components
- vEdge
- vSmart
- vManage
- vBond
Secure Control Plane Bring-Up
- Zero Trust Security Principles
- Secure Control Channels
- Establishing vEdge Router Identity
- Establishing Control Elements Identities (vBond, vSmart, vEdge)
- Secure Control Channel between vEdge Router and vBond
- Secure Control Channel between vEdge Router and vSmart/vManage
Secure Data Plane Bring-Up
- Limitations of traditional key exchange mechanisms (IKE)
- New centralized encryption key distribution in SD-WAN
- Traffic Encryption for data privacy
- Authentication Header for Data Plane Integrity
- Anti-Replay Protection (man-in-the-middle)
- Role of Bidirectional Forwarding Detection (BFD)
- Considerations about MTU and MSS
- End-to-End Segmentation (VPNs)
- Role of Application Visibility and Recognition
- Infrastructure DDoS Mitigation
- Security Policies and Services
- Cloud Security: Secure Direct Internet Access
Overlay Management Protocol (OMP)
- Definition of overlay routing
- Role and characteristics of Overlay Management Protocol (OMP)
- OMP Advertised Routes
- Route Redistribution (edge routing protocol to OMP and vice versa)
- Best Path Algorithm
Using Templates
- Basic Elements in the configuration for any device
- Need for Templates
- Options to Apply Templates to Devices
- Overview of Feature Templates
- Categories of Feature Templates
- Workflow for Applying Templates to Devices
Using Policies
- Policy Architecture
- Lists
- Application Aware Routing Policies
- Control Policies
- Data Policies
- VPN Membership Policies
- Routing Policies
Quality of Service (QoS)
- Data Packet Flow
- Queueing Management
- Control Traffic Prioritization
- Random Early Detection (RED)
- Traffic Policing
- Traffic Shaping
- Marking and Remarking
- Applying QoS policies
BFD and Application Routing based on path performance
- Components of Application-Aware Routing
- Identification (traffic of interest)
- Monitoring and Measuring (path performance)
- Mapping Application Traffic to Specific Transport Tunnel
- Detailed procedure to Configure Application-Aware Routing Policy
Redundancy in SD-WAN Solution
- Remote Location Connectivity Redundancy
- Single vEdge Router – Single Connection
- Single vEdge Router – Dual Connection
- Dual vEdge Router – Dual Connection
- Controllers Redundancy
- vSmart Redundancy
- vBond Redundancy
- vManage Redundancy
Troubleshooting Common Issues
- Troubleshooting Control Plane
- Troubleshooting Data Plane
- Troubleshooting OMP
- Troubleshooting policies
Lab Outline
- Lab 1: Deploy SD-WAN Solution
- - Controllers Deployment
- - vEdge Router Deployment
- - Add vEdge Router to vManage Inventory
- - Configure, Deploy and Verify Control-Plane Connectivity
- Lab 2: Configure and Deploy an Overlay Network
- - Enable OMP
- - Verify OMP
- Lab 3: Provision and Deploy vManage Templates
- - Create Feature Templates
- - Basic Information Templates
- - Transport and Management VPN Templates
- - Service VPN Templates
- - Additional Templates
- - Create Device Templates
- - Apply Device Templates
- - Test Connectivity inside a VPN
- - Test isolation between VPNs
- Lab 4: Provision and Deploy vManage Policies
- - Deploy and Verify Control Plane Policies
- - Deploy and Verify Data Plane Policies
- Lab 5: Apply and Verify QoS policies
- - Configure Classification and Marking
- - Configure Congestion Management with Queueing
- - Configure Congestion avoidance with WRED
- - Configure Traffic Policing
- Lab 6: Apply App-Aware SLA-based Routing (using BFD)
- Lab 7: Test Redundancy in SD-WAN
- - Test Control Plane Redundancy
- - Test vEdge Router Redundancy
- - Test Transport Redundancy
- Lab 8: Troubleshooting Common Issues
- - Troubleshooting Control Plane
- - Troubleshooting Data Plane